Changing Passwords

Thread Starter

nsaspook

Joined Aug 27, 2009
16,320
http://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987
We’ve all been forced to do it: create a password with at least so many characters, so many numbers, so many special characters, and maybe an uppercase letter. Guess what? The guy who invented these standards nearly 15 years ago now admits that they’re basically useless. He is also very sorry.

The man in question is Bill Burr, a former manager at the National Institute of Standards and Technology (NIST). In 2003, Burr drafted an eight-page guide on how to create secure passwords creatively called the “NIST Special Publication 800-63. Appendix A.” This became the document that would go on to more or less dictate password requirements on everything from email accounts to login pages to your online banking portal. All those rules about using uppercase letters and special characters and numbers—those are all because of Bill.


The only problem is that Bill Burr didn’t really know much about how passwords worked back in 2003, when he wrote the manual. He certainly wasn’t a security expert. And now the retired 72-year-old bureaucrat wants to apologize.

“Much of what I did I now regret,” Bill Burr told The Wall Street Journal recently, admitting that his research into passwords mostly came from a white paper written in the 1980s, well before the web was even invented. “In the end, [the list of guidelines] was probably too complicated for a lot of folks to understand very well, and the truth is, it was barking up the wrong tree.”
There is a special place in Hell for him. :mad:

Alec_t

Joined Sep 17, 2013
15,117
One obvious problem with the rules is that they make the password totally unmemorable for many people, so they have to write it down; which drastically weakens the security.

strantor

Joined Oct 3, 2010
6,875
What are you insinuating? that if I don't change my password quarterly I won't be at any additional risk of compromise? That's ludicrous! Everyone knows that the longer you hold on to a single password, the closer it gets to cracking itself. I haven't changed my Yahoo password in 10 years and my account is just wide open now. I can log in from anywhere, just by typing in my username.

</sarcasm>
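The complaint running through the thread is that the composition rules reject a long, memorable passphrase while happily accepting a string like P@ssw0rd1! that every cracking wordlist already contains. The Python below is an added example, not code from the forum posters or from NIST: it runs the 2003-style composition check and a length-plus-blocklist check side by side and attaches a nominal brute-force entropy figure so the two policies can be compared on the same input. The breach list, the sample passwords and the helper names (`composition_rule_check`, `length_blocklist_check`, `nominal_entropy_bits`, `evaluate`) are all constructed for this illustration.

```python
import math
import string

# Constructed stand-in for a breached-password blocklist. A real deployment
# would check a large breach corpus (hundreds of millions of entries); these
# four entries are made up for the example.
BREACHED = {"password", "p@ssw0rd1!", "summer2017!", "qwerty123"}

# (name, alphabet, alphabet size) for the four classic character classes.
CLASSES = (
    ("lower", string.ascii_lowercase, 26),
    ("upper", string.ascii_uppercase, 26),
    ("digit", string.digits, 10),
    ("special", string.punctuation, 32),
)


def composition_rule_check(pw):
    """The 2003-style policy: at least 8 chars and one of each class."""
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8")
    for name, alphabet, _size in CLASSES:
        if not any(c in alphabet for c in pw):
            problems.append(f"no {name} character")
    return not problems, problems


def length_blocklist_check(pw, min_len=8, max_len=64, blocklist=BREACHED):
    """Length window plus rejection of known-breached strings. No class
    rules, and spaces are allowed so multi-word passphrases are usable."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len}")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len}")
    if pw.lower() in blocklist:
        problems.append("appears in breach list")
    return not problems, problems


def nominal_entropy_bits(pw):
    """Brute-force search space in bits: length * log2(alphabet size), where
    the alphabet is the union of the classes actually present plus one
    symbol for each other character (e.g. space). This is an upper bound:
    a password that sits on a breach list has far less real entropy."""
    if not pw:
        return 0.0
    alphabet = 0
    for _name, chars, size in CLASSES:
        if any(c in chars for c in pw):
            alphabet += size
    others = {c for c in pw
              if not any(c in chars for _name, chars, _size in CLASSES)}
    alphabet += len(others)
    return len(pw) * math.log2(alphabet)


def evaluate(pw):
    """Run both policies and the entropy estimate on one password."""
    comp_ok, comp_problems = composition_rule_check(pw)
    mod_ok, mod_problems = length_blocklist_check(pw)
    return {
        "password": pw,
        "composition_ok": comp_ok,
        "composition_problems": comp_problems,
        "length_blocklist_ok": mod_ok,
        "length_blocklist_problems": mod_problems,
        "nominal_bits": round(nominal_entropy_bits(pw), 1),
    }


if __name__ == "__main__":
    # Constructed samples: one that satisfies every composition rule but is a
    # known-breached string, one passphrase that fails the rules, and one
    # "leet-speak" password of the kind the rules encourage.
    for sample in ("P@ssw0rd1!", "correct horse battery staple", "Tr0ub4dor&3"):
        r = evaluate(sample)
        print(f"{sample!r}: composition={r['composition_ok']} "
              f"{r['composition_problems']}, length+blocklist="
              f"{r['length_blocklist_ok']} {r['length_blocklist_problems']}, "
              f"~{r['nominal_bits']} bits")
```

Running it shows the mismatch the thread is complaining about: P@ssw0rd1! passes every composition rule and is rejected only by the blocklist, while the four-word passphrase fails three composition rules yet has roughly twice the nominal search space and passes the length-plus-blocklist policy. The entropy figure is deliberately labelled nominal; a short string with all four classes looks strong by that measure, which is exactly why the blocklist check matters more than the class count.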